Log message:
py-cryptography[_vectors]: updated to 2.3
2.3:
SECURITY ISSUE: \
:meth:~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag \
allowed tag truncation by default which can allow tag forgery in some cases. The \
method now enforces the min_tag_length provided to the \
:class:~cryptography.hazmat.primitives.ciphers.modes.GCM constructor. \
CVE-2018-10903
Added support for Python 3.7.
Added :meth:~cryptography.fernet.Fernet.extract_timestamp to get the \
authenticated timestamp of a :doc:Fernet </fernet> token.
Support for Python 2.7.x without hmac.compare_digest has been deprecated. We \
will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next \
cryptography release.
Fixed multiple issues preventing cryptography from compiling against LibreSSL 2.7.x.
Added \
:class:~cryptography.x509.CertificateRevocationList.get_revoked_certificate_by_serial_number \
for quick serial number searches in CRLs.
The :class:~cryptography.x509.RelativeDistinguishedName class now preserves the \
order of attributes. Duplicate attributes now raise an error instead of silently \
discarding duplicates.
:func:~cryptography.hazmat.primitives.keywrap.aes_key_unwrap and \
:func:~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding now \
raise :class:~cryptography.hazmat.primitives.keywrap.InvalidUnwrap if the \
wrapped key is an invalid length, instead of ValueError.

Log message:
py-cryptography[_vectors]: updated to 2.2.1
2.2.1:
Reverted a change to GeneralNames which prohibited having zero elements, due to \
breakages.
Fixed a bug in \
:func:~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding that \
caused it to raise InvalidUnwrap when key length modulo 8 was zero.

Log message:
py-cryptography[_vectors]: update to 2.1.1
2.1:
FINAL DEPRECATION Python 2.6 support is deprecated, and will be removed in the \
next release of cryptography.
BACKWARDS INCOMPATIBLE: Whirlpool, RIPEMD160, and UnsupportedExtension have been \
removed in accordance with our :doc:`/api-stability` policy.
BACKWARDS INCOMPATIBLE: :attr:`~cryptography.x509.DNSName.value`, \
:attr:`~cryptography.x509.RFC822Name.value`, and \
:attr:`~cryptography.x509.UniformResourceIdentifier.value` will now return an \
:term:`A-label` string when parsing a certificate containing an \
internationalized domain name (IDN) or if the caller passed a :term:`U-label` to \
the constructor. See below for additional deprecations related to this change.
Installing cryptography now requires pip 6 or newer.
Deprecated passing :term:`U-label` strings to the \
:class:`~cryptography.x509.DNSName`, \
:class:`~cryptography.x509.UniformResourceIdentifier`, and \
:class:`~cryptography.x509.RFC822Name` constructors. Instead, users should pass \
values as :term:`A-label` strings with idna encoding if necessary. This change \
will not affect anyone who is not processing internationalized domains.
Added support for \
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`. In most \
cases users should choose \
:class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305` rather \
than using this unauthenticated form.
Added :meth:`~cryptography.x509.CertificateRevocationList.is_signature_valid` to \
:class:`~cryptography.x509.CertificateRevocationList`.
Support :class:`~cryptography.hazmat.primitives.hashes.BLAKE2b` and \
:class:`~cryptography.hazmat.primitives.hashes.BLAKE2s` with \
:class:`~cryptography.hazmat.primitives.hmac.HMAC`.
Added support for :class:`~cryptography.hazmat.primitives.ciphers.modes.XTS` \
mode for AES.
Added support for using labels with \
:class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` when using \
OpenSSL 1.0.2 or greater.
Improved compatibility with NSS when issuing certificates from an issuer that \
has a subject with non-UTF8String string types.
Add support for the :class:`~cryptography.x509.DeltaCRLIndicator` extension.
Add support for the :class:`~cryptography.x509.TLSFeature` extension. This is \
commonly used for enabling OCSP Must-Staple in certificates.
Add support for the :class:`~cryptography.x509.FreshestCRL` extension.